amd64/153307: Bug with PF firewall
Manuel G Ochoa
mochoa at bloodinthestreets.org
Mon Dec 20 13:50:11 UTC 2010
>Number: 153307
>Category: amd64
>Synopsis: Bug with PF firewall
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-amd64
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Dec 20 13:50:10 UTC 2010
>Closed-Date:
>Last-Modified:
>Originator: Manuel G Ochoa
>Release: Freebsd 8.1
>Organization:
Agency Matrix LLC
>Environment:
FreeBSD xxx.xxxxxxxx.xxx 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jul 19 02:36:49 UTC 2010 root at mason.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
PF firewall does not work as expected after a reboot
>How-To-Repeat:
Configure /etc/pf.conf as follows:
ext="em0"
table <trusted> persist file "/etc/trusted"
scrub in
pass in quick from <trusted>
block in on $ext
Configure /etc/trusted as follows:
192.168.1.39
Reboot server
Any IP address will pass through the firewall
run:
pfctl -t trusted -T show
results:
Table does not exist.
>Fix:
run this command:
pfctl -f /etc/pf.conf
This command will reload the pf config file and load the table into the rule set.
run:
pfctl -t trusted -T show
results:
192.168.1.39
Now, only this IP address is allowed through the firewall. All other addresses are blocked.
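Added example, not part of this PR or of the submitter's configuration: a small POSIX sh check that automates the manual fix above. It asks pfctl whether the table exists (pfctl -t trusted -T show fails with "Table does not exist." when the ruleset defining it was never loaded) and, if not, reloads /etc/pf.conf and checks again. It assumes pfctl(8) is on the PATH; the PFCTL, PF_CONF and TABLE variables and the pf_table_check.sh file name are assumptions chosen for this example so the logic can be run from /etc/rc.local or a cron @reboot job, or exercised without a live pf.

```shell
#!/bin/sh
# Added example (not from the bug report): verify after boot that a pf
# table loaded with 'persist file' actually exists, and reload the
# ruleset if it does not. PFCTL, PF_CONF and TABLE are assumed names
# and can be overridden from the environment.

PFCTL="${PFCTL:-pfctl}"
PF_CONF="${PF_CONF:-/etc/pf.conf}"
TABLE="${TABLE:-trusted}"

# table_loaded TABLE -> exit 0 if pfctl can show the table, 1 otherwise.
# pfctl prints "Table does not exist." on stderr and exits non-zero when
# the ruleset that defines TABLE has not been loaded.
table_loaded() {
    "$PFCTL" -t "$1" -T show >/dev/null 2>&1
}

# table_entries TABLE -> print the table's addresses, one per line,
# with pfctl's leading whitespace stripped.
table_entries() {
    "$PFCTL" -t "$1" -T show 2>/dev/null | sed 's/^[[:space:]]*//'
}

# ensure_table TABLE CONF -> reload CONF when TABLE is missing.
# Prints "present", "reloaded" or "failed"; returns 1 only when the
# table is still missing after the reload.
ensure_table() {
    tbl="$1"
    conf="$2"
    if table_loaded "$tbl"; then
        echo present
        return 0
    fi
    # Same manual fix as in the report: reloading the ruleset re-creates
    # the persist table and re-reads its "file" source.
    "$PFCTL" -f "$conf" >/dev/null 2>&1
    if table_loaded "$tbl"; then
        echo reloaded
        return 0
    fi
    echo failed
    return 1
}

# Only run the check when executed as the (assumed) script name, so the
# functions can also be sourced from another script.
case "${0##*/}" in
    pf_table_check.sh) ensure_table "$TABLE" "$PF_CONF" ;;
esac
```

Caveat: pfctl -f replaces the contents of tables defined in the ruleset with what is in /etc/trusted, so any addresses added at runtime with pfctl -t trusted -T add are lost on the reload; the "failed" result (table still missing after a reload) points at the ruleset itself not loading, which is worth logging rather than retrying.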
>Release-Note:
>Audit-Trail:
>Unformatted: